my country’s legal system of network and data security and personal information protection – guided by the overall national security concept

1. The main content and structure of the four relevant laws

Not long ago, the “Personal Information Protection Law of the People’s Republic of China” was passed in anticipation. This law will definitely help safeguard the rights and interests of personal information, regulate personal information activities, and promote the rational application of personal information. Before the promulgation of the Personal Information Protection Law of the People’s Republic of China, the Cybersecurity Law of the People’s Republic of China, the Data Security Law of the People’s Republic of China and the National Security Law of the People’s Republic of China have been promulgated and implemented since 2015. These laws are neither isolated nor independent, but an organic legal system guided by the overall national security concept and led by the National Security Law of the People’s Republic of China. Through the main content and structure of these four laws, including the “National Security Law of the People’s Republic of China”, we can see that “security”, “network”, “data” and “personal information” are the common keywords of these four laws. is an organic whole.

2. Legislative purpose and scope of application

These four laws, and their legislative purposes, are all aimed at safeguarding national security, network security, data security and protecting the rights and interests of personal information. The scope of their application, especially in the “Data Security Law of the People’s Republic of China” and the “Personal Information Protection Law of the People’s Republic of China” introduced the extraterritorial effect system, so the legislative purpose is very clear, and the scope of application also has its own characteristics.

Three or four legal keyword statistics

In the National Security Law of the People’s Republic of China enacted in 2015, high attention was paid to network security, data security and personal information. The word “network” appears 11 times in the National Security Law, and the most important ones appear in Articles 25 and 59. We can even say that Article 25 is a special provision on network security in the National Security Law. . In other words, the National Security Law lays the legal foundation for the formulation of the Cybersecurity Law.

In the “Internet Security Law of the People’s Republic of China”, the keyword “network” appears 231 times in this law. Because data is generated in a network environment, the word “data” appears 16 times in the Cybersecurity Law. “Information” is used as the content of data or data is used as the carrier of information. The word “information” appears 105 times, of which personal information appears 20 times, all of which are concentrated in a special provision. The provisions on personal information are understood as a special provision for the protection and protection of personal information in the Cybersecurity Law. In the cybersecurity law, the word “security” appears very frequently, with a total of 177 occurrences.

In the “Data Security Law of the People’s Republic of China”, because the network is the premise of data generation, data must be inseparable from the network, so although the word “network” appears only 4 times, it is not representative. The word “data” appears 160 times, and the data here is no longer simply the word “data”, because it involves the classification of a large amount of data, and a corresponding system has been constructed in a targeted manner. The data security law has also made some strengthening and regulations on information and personal information, among which “security” appears 91 times in the data security law.

The newly promulgated “Personal Information Protection Law of the People’s Republic of China” emphasizes that personal information includes Electronic and other forms of personal information, but in the context of digitalization, there is no doubt that electronic information is the most diverse type of personal information. Although the word “network” appears only once in the Personal Information Protection Law, because electronic information must appear in a network environment, and “network” appears as a precondition and a precondition, it appears several times. not much. It is worth noting that the word “data” does not appear in the personal information protection law, but this does not mean that the personal information protection law and the data security law are not related. Returning to the definition of personal information, personal information is recorded in electronic or other forms, and information in electronic form, or personal information in electronic form, is undoubtedly subject to the adjustment and regulation of data security laws. The word “information” appears 297 times in the Personal Information Protection Law, of which “personal information” appears 288 times. The Personal Information Protection Law is not only a law to protect the rights and interests of personal information, regulate personal information processing activities, and promote the use of personal information, but also a law on personal information security, and the word “security” is used in this law. It appeared 22 times. It can be seen from the above statistics and analysis that these four laws are a coordinated, organic and unified legal system as a whole, guided by the overall national security concept and led by the National Security Law of the People’s Republic of China.

4. Discrimination and Interrelationship of Key Concepts

Security, network, data, and information appear in these four laws, and define national security, network security, and data security. Analyze this definition, especially the definition of national security in the National Security Law of the People’s Republic of China, and the classification of national security in Article 3. These classifications have a great relationship with the three laws that were subsequently introduced. For example, in Article 3 of the National Security Law, national security work should adhere to the overall national security concept, which is a basic principle. At the same time, the article also mentions the purpose of people’s safety, which of course includes the safety of personal information. Take political security as the foundation and economic security as the foundation. It can be seen that whether it is the network security law, the data security law, or the personal information protection law, they all take into account political security, and at the same time promote the development of the digital economy, protect economic security, and take military security, cultural security, and social security as the top priority. Guarantee, relying on the promotion of international security, and at the same time maintaining national security in all fields, to build a national security system, and take the road of national security with Chinese characteristics.

According to Article 3 of the National Security Law of the People’s Republic of China, national security is divided into seven specific types, namely people’s security, political security, economic security, military security, cultural security, social security and international security. Through the method of enumeration, it ultimately falls to maintaining national security in various fields. That is to say, the system of national security includes but is not limited to these seven specific types. In other areas of safety, special laws have made corresponding provisions. As far as the topics discussed in today’s forum – network security and data security, they have been incorporated into the system of national security. When it comes to the two laws, the Cybersecurity Law of the People’s Republic of China and the Data Security Law of the People’s Republic of China, we must distinguish between the following two concepts: the first is network security, and the second is data security.

Article 76 of the Cybersecurity Law defines cybersecurity, and Article 3 of the Data Security Law also defines data security. Through these definitions, we can see that there is overlap between network security and data security, but there are also large differences. For network security, this difference should not only consider the content of the data, but also consider some problems of network facilities. Therefore, the network security here includes data security, including but not limited to data security. In addition to data security, it also includes the security of cyberspace and the security of network facilities.

The concept of network data is mentioned in the Cybersecurity Law. Data is specifically defined in the Data Security Law. There are certain differences between the two definitions. For example, item 4 of Article 76 of the Cybersecurity Law states, “Network data refers to various electronic data collected, stored, transmitted, and processed through the Internet.” Article 3 of the Data Security Law states that “data refers to any record of information in electronic or other forms”. Therefore, these two terms have different definitions of “data”. Although both have the word “data”, they should be noted at the same time.

Regarding “personal information”, Article 76(5) of the Cybersecurity Law defines “personal information”. In the personal information protection law, “personal information” is the most critical and core term of this law. We can see that there are still some differences between them.

There are differences in the definitions of security, network, data, and personal information in these four laws, and at the same time, the definitions are consistent with each other. Only by paying attention to the differences and seeing the consistency can we fully understand the relationship between the four laws. Regardless of the “National Security Law of the People’s Republic of China”, “Network Security Law of the People’s Republic of China”, “Data Security Law of the People’s Republic of China” or “Personal Information Protection Law of the People’s Republic of China”, we cannot look at a single law in isolation. These four laws must be understood and deepened in the overall environment of these four laws in order to apply them accurately.

V. Summary

First, the “Internet Security Law of the People’s Republic of China”, the “Data Security Law of the People’s Republic of China” and the newly promulgated “Personal Information Protection Law of the People’s Republic of China”, these three laws have been successively promulgated and implemented. It is an organic legal system formed under the guidance of the overall national security concept and the National Security Law of the People’s Republic of China as the leader. They constitute an important part of the national security law system and are not isolated or independent.

Second, the “Internet Security Law of the People’s Republic of China”, the “Data Security Law of the People’s Republic of China” and the “Personal Information Protection Law of the People’s Republic of China”, the current legislation is mainly behavioral legislation, which is responsible for maintaining national security, network security, data security and The protection of personal information is undoubtedly of great significance. However, from the perspective of effective use of data resources, legislation on rights related to data and information needs to be increased in the future. Rights are the starting point of behavior, and behavior is the boundary of rights. Therefore, if the legislation of rights is delayed and absent for a long time, the management of behavior, the supervision of behavior, and even the effective use of data and information will have some adverse effects. Therefore, I also appeal here that after the behavior legislation on data, network and personal information and the relative basic framework are completed, we should turn the focus of legislation to legislation on rights.

Third, in the digital age, whether it is security or development, we need to speed up the formulation of telecommunications law, because telecommunications law is a very basic law in the digital age. Only by speeding up the formulation of the Telecommunications Law can we promote the development of basic telecommunications services and maintain the security of basic telecommunications services. Only when basic telecommunications services are further developed and their security is further maintained, can we promote and support the development of the entire digital society, digital economy and digital government, and can further protect network security, data security, and personal information. Therefore, the long-term absence of the telecommunications law is detrimental to network security, data security and personal information protection, so the legislative process of the telecommunications law should be accelerated.

Fourth, in the era of digitization, whether it is enterprises, institutions, other legal entities, social groups, or even natural persons, our identities, behaviors, and social relationships between them have all been digitized. Therefore, data governance is a must to face up to. The problem. Whether it is to maintain network security or data security, or to protect personal information and promote the effective use of network, data and personal information, the supervision of data behavior is particularly important. Because the supervision of data involves all aspects of social governance, not only social governance, but also economic development and government management. Therefore, data supervision is a cross-departmental and cross-domain issue, and a coordination mechanism for data collaborative supervision needs to be established as soon as possible. We don’t want the nine dragons to control the flood, but these nine dragons must be united. Only in this way can an effective data coordination, supervision and coordination mechanism be established. Only by establishing a coordination mechanism for collaborative data supervision can we better achieve the legislative goals pursued by these laws. Of course, the establishment of a system for collaborative data supervision is a prerequisite. Under the premise of this system, the coordination mechanism of data collaborative supervision should be improved.

Fifth, it is necessary to properly handle the relationship between the network and data, data and information in the “Network Security Law of the People’s Republic of China”, “Data Security Law of the People’s Republic of China” and “Personal Information Protection Law of the People’s Republic of China”. concepts and their relationships. These groups of concepts and relationships not only have important theoretical significance, but also have more important practical value. Undoubtedly, without significant practical value, its theoretical significance will be dimmed. It is precisely because the connotation, extension and relationship between these groups of concepts have very important practical value and theoretical significance, so it is necessary for us to further analyze and clarify.

The Links:   SKIIP13AC12T4V1 G101EVN030